WE CLAIM: 

1. A system for enabling encryption/authentication on a data network telephony
system comprising:

a data network to provide data connectivity for a plurality of data communications
channels using data transport protocols;

first and second data network telephones connected to the data network, each data
network telephone operable to communicate a voice signal as voice-over-data packets on
a voice-over-data channel, the voice over data channel being one of the plurality of data
communications channels on the data network, the data network telephones operable to
convert voice-over-data packets communicated on the voice-over-data channel to voice
signals; and

a first portable information device, the first portable information device registered
to the first data network telephone and comprising a first graphical user interface and a
first data network telephone interface, the first graphical user interface operable to accept
and display PID data, the first data network telephone interface operable to communicate
PID data to and from the first data network telephone; and

a second portable information device, the second portable information device
registered to the second data network telephone and comprising a second graphical user
interface and a second data network telephone interface, the second graphical user
interface operable to accept and display PID data, the second data network telephone
interface operable to communicate PID data to and from the second data network
telephone,

wherein the first and second portable information devices exchange PID data over
a private network, wherein the first and second portable information devices transmit the
PID data to the first and second data network telephones, wherein the PID data comprises
encryption/authentication data, and wherein the first and second data network telephones
are each operable to communicate encrypted data packets on an encrypted data channel,
the encrypted data channel being one of the plurality of data communications channels on
the data network, the data network telephones operable to encrypt and authenticate data
packets using the PID data transmitted by the first and second portable information
devices to the first and second data network telephones.

2. The system of Claim 1 wherein:

at least a first and second user communicate on the voice-over-data
channel and the encrypted data channel, each user identified by a user identifier
that includes a unique sequence of alphanumeric elements.



3. The system of Claim 2 wherein each data network telephone includes a device 
identifier that corresponds to the user identifier. 

4. The system of Claim 3 wherein the device identifiers include Internet Protocol 
(IP) addresses. 

5. The system of Claim 3 wherein the user identifiers include Session Initiation 
Protocol (SIP) addresses. 

6. The system of Claim 3 wherein the user identifiers include E.164 telephone 
numbers. 

7. The system of Claim 1 further comprising: 

a network telephony user database connected to the data network to store a 
user identifier and a telephone identifier corresponding to the user identifier for 
each of a plurality of users, wherein: 
the user identifier includes a first sequence of alphanumeric
elements that identify a corresponding user;

the telephone identifier includes a second sequence of
alphanumeric elements that identifies a corresponding data
network telephone; and

a network telephony connection server operable to receive a request
message from the first data network telephone to initiate the voice over data
channel and the encrypted data channel with the second data network telephone,
and to send a response message in response to the request message.



8. The system of Claim 7, wherein the response and request messages are 
communicated by the network telephony connection server in accordance with the 
Session Initiation Protocol (SIP). 



9. The system of Claim 7, wherein the response and request messages are 
communicated by the network telephony connection server in accordance with the H.323 
Protocol. 



10. The system of Claim 7 wherein the response and request messages are 
communicated by the network telephony connection server in accordance with the 
MEGACO protocol. 

10. The system of Claim 7 wherein the response and request messages are
communicated by the network telephony connection server in accordance with the
MGCP protocol.



11. The system of Claim 7 wherein:

the request message includes a callee user identifier; and

wherein the network telephony connection server determines the telephone
identifier for the callee user identifier and includes the telephone identifier in the
response message.

The system of Claim 7 wherein:

the request message includes a callee user identifier; and

wherein the network telephony connection server determines the telephone
identifier for the callee identified in the callee user identifier and sends the
response message to the callee at the telephone identifier.